1. Fabrik 3.9 has been released. If you have updated Joomla to 3.9, this is a required update.
    Dismiss Notice

JUser Plugin and Password Safety

Discussion in 'Community' started by ourblok, Oct 14, 2018.

  1. ourblok

    ourblok Caaan do!

    Level: Community
    I have a form using the JUser Plugin. This plugin creates Joomla Users. Great!
    I have a password field in there. I noticed that this is storing passwords to the database. How can I retroactively encrypt these passwrds in the DB and encrypt them moving forward? Is that possible, or do I need to create a new form. Is it possible to not even store the password and just pass it to Joomla?
    Thanks!
     
  2. troester

    troester Well-Known Member Staff Member

    Level: Community
    The password element is storing encrypted.
    Where are you seeing plain text passwords?
     
  3. ourblok

    ourblok Caaan do!

    Level: Community
    In phpMyAdmin.
     
  4. troester

    troester Well-Known Member Staff Member

    Level: Community
    In a column belonging to a password element (plugin type = password)?
    Which Joomla and Fabrik?
     
  5. ourblok

    ourblok Caaan do!

    Level: Community
    In in the Joomla Users DB Table, the password is encrypted. In the database on phpmyadmin for the table created fabrik's list, the passwords are not encrypted. When you look at the list on Joomla, it shows up like this ****************. My goal is to retroactivle encrypt that column and have everything encrypted in it moving forward, of course without messing things up.
     
  6. troester

    troester Well-Known Member Staff Member

    Level: Community
    I assume you don't use a password element but a simple field with "input type" = password.

    You can set a field element to "Encrypt data" (in Access settings) but I really don't know how this is doing with existing records.
    I think there was a thread somewhere about element encryption
     
  7. ourblok

    ourblok Caaan do!

    Level: Community
    Do have the input type set to password, yes.

    I guess it doesn't matter what happens to the existing record in the fabrik table, as long as it doesn't break the joomla users table. I'll test it out.
     
  8. cheesegrits

    cheesegrits Support Gopher Staff Member

    Level: Community
    You should be able to set the element to encrypted. When you save the settings after changing that, Fabrik should attempt to encrypt the entire column. But I suggest you do an Akeeba backup first.

    -- hugh
     

Share This Page